05-26-2009 11:12 AM
Dear Experts,
Can you tell me which Table contained user name and tcode field?
Thanks and Best regards,
wilson
05-27-2009 6:17 PM
You can't find this details from one table only.
1. Find out the list of roles available for each user from the table AGR_USERS
2. After extracting the list of point 1, put those roles in table AGR_TCODES and find out the list of Tcodes for those role.
You can also see this list very easily as described by Barnerd.
Regards,
Dipanjan
05-26-2009 11:17 AM
05-27-2009 9:09 AM
Hi Juan,
Thanks, but do you have any idea how to list user permission of all tcode they have it.
wilson
05-27-2009 9:15 AM
05-27-2009 9:30 AM
Hi Wilson,
use the user information system, t-code SUIM.
For instance 'transactions-> executable for user' or 'User->by Transaction Authorization',.....
b.rgds
Bernhard
05-27-2009 6:17 PM
You can't find this details from one table only.
1. Find out the list of roles available for each user from the table AGR_USERS
2. After extracting the list of point 1, put those roles in table AGR_TCODES and find out the list of Tcodes for those role.
You can also see this list very easily as described by Barnerd.
Regards,
Dipanjan
05-27-2009 7:11 PM
> put those roles in table AGR_TCODES and find out the list of Tcodes for those role.
That will only return the tcodes listed in the role menus, not in the actual authorizations. Use AGR_1251 and filter on object S_TCODE for those.
05-27-2009 7:48 PM
>
> > put those roles in table AGR_TCODES and find out the list of Tcodes for those role.
>
> That will only return the tcodes listed in the role menus, not in the actual authorizations. Use AGR_1251 and filter on object S_TCODE for those.
This correct too..!!
Wilson: Please use this approach in case any TCodes are entered in manually included S_TCODE in the role and don't follow the point 2 I suggested. Otherwise, it is fine. Still to be in safer side, please use this approach.
regards, Dipanjan
05-27-2009 9:20 PM
> this approach in case any TCodes are entered in manually included S_TCODE in the role
Okay, I will try this one more time: several transactions have S_TCODE proposals in their "SU24 settings". In a perfectly SAP-standard world with no manual additions to S_TCODE there can be more transactions in the profile than in the role menu. Please do not try to link this exclusively to manually entered S_TCODE values.
I've had enough fights with customers accusing me of entering transactions into S_TCODE manually just because AGR_TCODES wouldn't sync with AGR_1251 filtered on S_TCODE. That is just not the correct way of measuring/finding non-standard role building.
Thank you
Jurjen
05-27-2009 9:33 PM
Mee too. Even currently I am doing such design for a part of QM of my client. You will find this very frequent manner in Plant Maintenance (including QM). For e.g. you build a role with IW22... it is expected to have only IW22 for TCD field ... but it also calls IQS2. (see below example).
IW22 I_BEGRP TCD IQS2
IW22
I_INGRP TCD IQS2
IW22
I_IWERK TCD IQS2
IW22
I_KOSTL TCD IQS2
IW22
I_QMEL TCD IQS2
IW22
I_SWERK TCD IQS2
IW22
I_TCODE TCD IQS2
IW22
S_TCODE TCD IQS2
In PM, such Objects are: I_BEGRP, I_INGRP, I_IWERK, I_KOSTL, I_QMEL, I_ROUT1, I_SWERK, I_TCODE
Regards,
Dipanjan
05-27-2009 9:54 PM
You need to be even more carefull with parameter transactions.
If SU24 is not maintained for them, PFCG will pull the proposals from the core transaction (via which the parameters are used in the skip screen feature...). If the core transaction has authority proposals for S_TCODE, then you will get those tcodes and their proposals as well.
A carefull choice of menu objects (not only limited to Tcodes), taking heed of SU24 defaults and tuning it to meet your needs is the key. But it requires organizational discipline and good training, otherwise rather dont use it for anything other than important objects which you want to control manually only, even if your business roles are a mess.
You can also restrict the authorizations of the security admins for example (as unpopular as that may sound... to segregate authorization concept development (SU24 etc), role building development (PFCG etc) and user administration (SU01 etc). Object S_USER_TCD also has a field called TCD...
There are also other objects (as Dipanjan has pointed out) which have TCD as a field of an object which is not S_TCODE. In addition to I_TCODE, Q_TCODE, P_TCODE, see also S_IDOCMONI for example.
To be honest I have given up on trying to find them all
The easiest solution is to use the menu and maintain SU24 when the transaction is configured or the application is developed and tested. That is what SAP does as well in SU22. It is more work upfront, but more sustainable in the long run.
If your users (and auditors) only see the menu (and use the SUIM --> Executable transactions) options, then you can get away with it in the short or even medium term. Latest when someone else need to maintain the roles they will hate it...
My 2 cents,
Julius
05-27-2009 9:46 PM
05-27-2009 10:02 PM
> Write a query using SQVI (Table join)
>
> AGR_TCODES
> AGR_ROLES
>
> Join role in two tables.
This answer is incorrect.
For AGR_TCODES see the ongoing discussion about AGR_TCODES vs AGR_1251 filtered on S_TCODE.
AGR_ROLES? No idea what's meant here. If it was AGR_USERS then this answer already has been given earlier in the thread albeit without SQVI. This will only return menu entries, not authorizations.
05-27-2009 10:47 PM
Sorry. It was typo, it should be AGR_USERS.
The question states for the user name and their transaction codes, if I understand correctly.
When we create a query, it gives the details of USER NAME / ROLES AND TRANSACTION CODES in a single sheet.
We can use PIVOTAL TABLE function in EXCEL, pick user name and transaction codes it gives a summarized report.
Regards,
Ravi
09-28-2009 5:30 AM
05-30-2009 5:18 AM
hii,
For this u have to write a sqvi query by joining two tables agr_users and agr_tcodes u can get a list
of users with tcodes
Thanks and reagrds...............
05-30-2009 9:59 AM
>
> hii,
>
> For this u have to write a sqvi query by joining two tables agr_users and agr_tcodes u can get a list
> of users with tcodes
>
> Thanks and reagrds...............
As Jurjen has pointed out, this will give you an incomplete list which you should not rely on.
06-02-2009 7:23 AM
Hi,
That's exact what I want to do it, because I am now facing the problems. I couldn't merge data from these two table, because the rows is more than 65400 rows, excel could not be generate it. If you could teach me how, that's will be grace for me.
wilson
06-02-2009 8:45 AM
Grace comes with MS Office Excel 2007 (1,048,576 rows) or MS Access.
Cheers,
Julius
06-04-2009 9:06 AM
06-04-2009 11:00 AM
Hello,
Julius is trying to tell, if your local PC is having Microsoft Excel Version 2007 version, you can download more than million records, if you having 2003 version your download is restricted around 65000 line item. Therefore, ask you local system administrator to add 2007 MS Office version in your PC.
There is nothing special that can be teached.
Regards,
Ravi
09-30-2015 7:19 AM
03-13-2023 7:57 AM